🔒 security: Pin Dockerfile pip install by hash

DevaOnBreaches · DevaOnBreaches · commit fb6a0807d1ea · 2026-05-07T14:59:09.000+05:30
diff --git a/Dockerfile b/Dockerfile
@@ -21,9 +21,10 @@ RUN apt-get update && \
 
 # Copy only essential files first to leverage Docker's caching
 COPY requirements.txt ./
+COPY .github/requirements-pip.txt ./.github/requirements-pip.txt
 
 # Install dependencies efficiently
-RUN pip install --no-cache-dir --upgrade pip==25.0.1 && \
+RUN pip install --no-cache-dir --require-hashes -r .github/requirements-pip.txt && \
     pip install --no-cache-dir -r requirements.txt
 
 # Copy the rest of the app source code
